|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2020-03-02 22:49:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] Attestation for kernel patches
The kernel development process is based on trust at many levels — trust in
developers, but also in the infrastructure that supports the community. In
some cases, that trust may not be entirely deserved; most of us have long
since learned not to trust much of anything that shows up in email, for
example, but developers still generally trust that emailed patches will be what
they appear to be. In his ongoing effort to bring more security to kernel
development, Konstantin Ryabitsev has proposed a
patch attestation scheme that could help subsystem maintainers verify
the provenance of the patches showing up in their mailboxes.
The kernel development process is based on trust at many levels — trust in
developers, but also in the infrastructure that supports the community. In
some cases, that trust may not be entirely deserved; most of us have long
since learned not to trust much of anything that shows up in email, for
example, but developers still generally trust that emailed patches will be what
they appear to be. In his ongoing effort to bring more security to kernel
development, Konstantin Ryabitsev has proposed a
patch attestation scheme that could help subsystem maintainers verify
the provenance of the patches showing up in their mailboxes.
